

跨域資源共享漏洞怎么修復

九三
741
2021-02-07 11:23:50
欄目: 網絡安全

跨域資源共享漏洞怎么修復

修復跨域資源共享漏洞的方法

修復代碼如下:

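/**
 * Servlet filter that rejects cross-origin requests whose {@code Origin} and {@code Referer}
 * are not on a configured allow-list.
 *
 * <p>Policy, as implemented in {@link #isAllowed(String, String)}:
 * <ul>
 *   <li>no {@code Origin} header (same-origin navigation, non-browser client): pass through;</li>
 *   <li>{@code Origin} present: the origin AND the origin part of the {@code Referer} must both
 *       be exact entries of {@code allowDomainList}, otherwise the response is a bare 403.</li>
 * </ul>
 * Matching is exact string equality on {@code scheme://host[:port]}, so prefix/suffix tricks
 * such as {@code allowed.com.evil.test} never match. The filter only rejects; it does not emit
 * any {@code Access-Control-*} response headers.
 *
 * <p>Init parameters: {@code allowDomainList} (comma-separated origins) and {@code excludes}
 * (comma-separated regular expressions matched as prefixes of the servlet path).
 */
public class RefererFilter implements Filter {

    private static final Logger logger = LoggerFactory.getLogger(RefererFilter.class);

    private static final String ORIGIN = "Origin";

    private static final String REFERER = "referer";

    /** Origins ({@code scheme://host[:port]}) allowed to reach protected URLs; exact match only. */
    private final List<String> allowDomainList = new ArrayList<>();

    /** Raw servlet-path prefix patterns that bypass the check (kept for logging). */
    private final List<String> excludes = new ArrayList<>();

    /** Compiled forms of {@link #excludes}, built once in {@link #init(FilterConfig)}. */
    private final List<Pattern> excludePatterns = new ArrayList<>();

    /**
     * Applies the origin/referer policy to one request.
     *
     * @param request  the incoming request; must be an {@link HttpServletRequest}
     * @param response the response; must be an {@link HttpServletResponse}
     * @param chain    the remaining filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (logger.isDebugEnabled()) {
            logger.debug("referer filter is open");
        }
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        // Excluded URLs skip the check entirely.
        if (handleExcludeURL(req, resp)) {
            chain.doFilter(request, response);
            return;
        }
        // An empty allow-list means the filter is effectively disabled.
        if (allowDomainList.isEmpty()) {
            chain.doFilter(request, response);
            return;
        }

        logger.info("referer過濾");
        String origin = req.getHeader(ORIGIN);
        // Reduce the Referer URL to its origin so it can be compared with the allow-list.
        String referer = getRefererDomain(req.getHeader(REFERER));
        logger.info("origin={}, referer={}", origin, referer);

        if (isAllowed(origin, referer)) {
            chain.doFilter(request, response);
        } else {
            // Reject without invoking the rest of the chain; standard servlet constant,
            // no framework dependency needed.
            resp.setStatus(HttpServletResponse.SC_FORBIDDEN);
        }
    }

    /**
     * Decides whether a request may proceed.
     *
     * <p>A missing {@code Origin} is accepted (original behaviour: same-origin requests and
     * non-browser clients do not send one). When {@code Origin} is present, both it and the
     * referer origin must be allow-listed; a cross-origin request with no {@code Referer}
     * therefore fails closed, because {@code referer} is {@code null} and the list never
     * contains {@code null}.
     *
     * @param origin  value of the {@code Origin} header, may be {@code null}
     * @param referer origin part of the {@code Referer} header, may be {@code null}
     * @return {@code true} if the request passes the policy
     */
    private boolean isAllowed(String origin, String referer) {
        if (origin == null) {
            return true;
        }
        return allowDomainList.contains(origin) && allowDomainList.contains(referer);
    }

    /**
     * Reads {@code excludes} and {@code allowDomainList} from the filter configuration.
     *
     * <p>Entries are trimmed and empty entries dropped, so {@code "a.test, b.test"} works as
     * intended instead of silently rejecting {@code b.test}. Exclude patterns are compiled here
     * so a malformed regex fails deployment rather than every request.
     *
     * @param filterConfig the container-supplied configuration
     * @throws ServletException if an exclude pattern is not a valid regular expression
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        if (logger.isDebugEnabled()) {
            logger.debug("referer filter init ====================");
        }
        excludes.addAll(splitParam(filterConfig.getInitParameter("excludes")));
        for (String pattern : excludes) {
            try {
                // Anchored at the start: the configured value is a prefix pattern.
                excludePatterns.add(Pattern.compile("^" + pattern));
            } catch (PatternSyntaxException e) {
                throw new ServletException("invalid excludes pattern: " + pattern, e);
            }
        }
        logger.info("excludes={}", excludes);

        allowDomainList.addAll(splitParam(filterConfig.getInitParameter("allowDomainList")));
        logger.info("allowDomainList={}", allowDomainList);
    }

    /**
     * Splits a comma-separated init parameter into trimmed, non-empty entries.
     *
     * @param value the raw parameter value, may be {@code null}
     * @return the entries, or an empty list when {@code value} is {@code null}
     */
    private static List<String> splitParam(String value) {
        List<String> entries = new ArrayList<>();
        if (value == null) {
            return entries;
        }
        for (String item : value.split(",")) {
            String trimmed = item.trim();
            if (!trimmed.isEmpty()) {
                entries.add(trimmed);
            }
        }
        return entries;
    }

    /**
     * Tells whether the request's servlet path matches one of the configured exclude patterns.
     *
     * <p>Patterns are applied as anchored prefixes ({@code ^pattern} with {@code find()}), so an
     * exclude of {@code /public} also excludes {@code /publicAdmin}; end the pattern with
     * {@code /} or {@code $} when an exact prefix boundary is wanted. Only the servlet path is
     * examined, not the query string.
     *
     * @param request  the current request
     * @param response unused; kept for the existing signature
     * @return {@code true} if the path is excluded from the referer check
     */
    private boolean handleExcludeURL(HttpServletRequest request, HttpServletResponse response) {
        if (excludePatterns.isEmpty()) {
            return false;
        }
        String url = request.getServletPath();
        logger.info("校驗{}是否需要referer過濾。", url);
        for (Pattern p : excludePatterns) {
            if (p.matcher(url).find()) {
                return true;
            }
        }
        return false;
    }

    /**
     * Extracts the origin ({@code scheme://host[:port]}) from a Referer URL.
     *
     * <p>Only {@code http://} and {@code https://} are recognised; the authority ends at the first
     * {@code /}, {@code ?} or {@code #}. Anything else (blank input, other schemes, an empty
     * authority such as {@code https:///x}) is returned unchanged, which cannot match an
     * allow-listed origin and therefore fails closed.
     *
     * @param referer the raw {@code Referer} header value, may be {@code null}
     * @return the origin part, or {@code referer} itself when no origin could be isolated
     */
    private static String getRefererDomain(String referer) {
        if (referer == null || referer.trim().isEmpty()) {
            return referer;
        }
        int authorityStart;
        if (referer.startsWith("https://")) {
            authorityStart = 8;
        } else if (referer.startsWith("http://")) {
            authorityStart = 7;
        } else {
            return referer;
        }
        int end = referer.length();
        for (int idx = authorityStart; idx < end; idx++) {
            char c = referer.charAt(idx);
            if (c == '/' || c == '?' || c == '#') {
                end = idx;
                break;
            }
        }
        // An empty authority (delimiter immediately after the scheme) is left as-is, as before.
        return end > authorityStart ? referer.substring(0, end) : referer;
    }
}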
